Security setting to prevent passive ftp?
Jon August
jon at internection.com
Sun Jul 24 13:38:35 UTC 2005
Hmm - looks like that module fails to load. Is there a log that
would explain why this failed? Thanks for the help!

$ sudo /etc/rc.d/init.d/iptables restart
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]
Applying iptables firewall rules: [ OK ]
Loading additional iptables modules: iptables_conntrack_ftp[FAILED]

-Jon

On Jul 24, 2005, at 6:36 AM, Matthew Saltzman wrote:
> On Sat, 23 Jul 2005, Jonathan August wrote:
>
>> The modprobe ip_conntrack_ftp doesn't return anything and it seems
>> to still have an issue... Do I need to reboot or something?
>
> You can tell if the modprobe had the desired effect by issuing lsmod.
>
>> Also, what do I add to /etc/sysconfig/iptables-config? There just
>> seem to be a few things in there with YES or NO settings...
>
> IPTABLES_MODULES="iptables_conntrack_ftp"
>
> No need to reboot, but you could "/sbin/service iptables restart".
> Shouldn't be necessary after the modprobe, but the iptables-config
> entry only takes effect after restarting iptables.
>
> Are you sure all appropriate ports (20 and 21) are open (on the
> server and through the firewall)? Is ncftpd configured correctly
> for passive access?
> (I don't know anything about configuring ncftpd. Just trying to
> think of things to check.)
>
>> ??
>>
>> Thanks,
>> -Jon
>>
>> On Jul 23, 2005, at 10:12 AM, Matthew Saltzman wrote:
>>
>>> On Sat, 23 Jul 2005, Alexander Dalloz wrote:
>>>
>>>> On Sat, 23.07.2005 at 15:38, Jonathan August wrote:
>>>>
>>>>> For my users that use passive ftp, when they connect to ncftpd on my
>>>>> server, the connection takes a long time and eventually for them as
>>>>> dialup users, it times out. If I try to ftp to the machine behind my
>>>>> firewall and specify to use passive, as soon as I try anything that
>>>>> sends data (ls, put, get), the connection gets dropped. I turned off
>>>>> SELinux, but this didn't help. Any ideas?
>>>>> -Jon
>>>>
>>>> modprobe ip_conntrack_ftp
>>>
>>> And to make it permanent, add to /etc/sysconfig/iptables-config.
>>>
>>>> Alexander
>>>
>>> --
>>> Matthew Saltzman
>>> Clemson University Math Sciences
>>> mjs AT clemson DOT edu
>>> http://www.math.clemson.edu/~mjs
>>> --
>>> fedora-list mailing list
>>> fedora-list at redhat.com
>>> To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
>
> --
> Matthew Saltzman
>
> Clemson University Math Sciences
> mjs AT clemson DOT edu
> http://www.math.clemson.edu/~mjs
>
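
A check for the situation in this thread, where the init script prints FAILED for a name listed in IPTABLES_MODULES: compare the configured names with the first column of an lsmod listing. This is an added example, not code from any poster; the function names are illustrative, and the sample config and lsmod listing are constructed.

```shell
#!/bin/sh
# Added example: report IPTABLES_MODULES entries that are not loaded.

# Print the module names assigned to IPTABLES_MODULES in file $1.
config_modules() {
    sed -n 's/^[[:space:]]*IPTABLES_MODULES=//p' "$1" | tail -n 1 | tr -d "\"'"
}

# Print each configured name ($1 = config) that is absent from the first
# column of an lsmod listing ($2; /proc/modules has the same first column).
missing_modules() {
    for m in $(config_modules "$1"); do
        if ! awk -v m="$m" '$1 == m { found = 1 } END { exit !found }' "$2"; then
            printf '%s\n' "$m"
        fi
    done
}

# Constructed sample input: the config line quoted in the thread, and an
# invented lsmod listing for a host where "modprobe ip_conntrack_ftp" worked.
write_samples() {
    cat > "$1/iptables-config" <<'EOF'
# Load additional iptables modules (nat helpers)
IPTABLES_MODULES="iptables_conntrack_ftp"
EOF
    cat > "$1/lsmod.txt" <<'EOF'
Module                  Size  Used by
ip_conntrack_ftp       72977  0
ip_conntrack           40693  2 ip_conntrack_ftp,ipt_state
iptable_filter          2753  1
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
echo "configured: $(config_modules "$demo_dir/iptables-config")"
echo "not loaded: $(missing_modules "$demo_dir/iptables-config" "$demo_dir/lsmod.txt")"
rm -rf "$demo_dir"
```

On a live host, pass /etc/sysconfig/iptables-config as the first argument and a saved lsmod listing (or /proc/modules) as the second.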